Cons

Bottom Line

The Kure promises to revert your PC to a clean state on every reboot and includes an antivirus component to help you get to that clean state.
The clean-on-reboot component works fine, but the antivirus could use work.

July 28, 2016Neil J. Rubenking

Testing antivirus utilities with live malware can be risky. To minimize the possibility of damage during testing, I use virtual machines. When the test is done, I just revert the virtual machine to its clean, pre-test state. The Kure does something very similar to protect your PC. When you reboot, it restores the PC to a previous malware-free state, wiping out any changes except your own documents, pictures, and so on. And a ransomware-recovery feature reverses malicious changes to those documents.

The main thing it can't do is claw back any data that may have been stolen by a Trojan—it only reverts your PC, not the outside world. Malicious changes in folders you've exempted from The Kure's ministrations also can't always be reversed.

That being the case, you do still need some kind of real-time antivirus protection, but at $19.95 per year, The Kure isn't an expensive addition. VoodooSoft VoodooShield 2.0, a somewhat similar utility, costs about the same. Quietzone also bears some similarity to The Kure, but at $14.99 per month it's in a different price league.

Several months ago I reviewed an earlier version of The Kure, one that attempted to incorporate an antivirus engine licensed from McAfee. That antivirus integration proved seriously problematic. It just didn't work right. The company went back to the drawing board, eliminating integrated antivirus and focusing on the effective revert-to-safety technology that's at the heart of The Kure. They also made a few fixes and streamlined a number of awkward areas that I pointed out in my earlier review. That edition of The Kure is a big improvement.

However, the ransomware protection in that updated edition failed in my testing. The developers went back to the drawing board and came up with a completely different (and significantly better) method for ransomware recovery. After examining it, I deemed it important enough to update my review.

Getting Started With The Kure When you purchase The Kure, you receive a transaction number that identifies you as a customer and a serial number for the particular installation. Hang onto those; you'll need them.

However, before you proceed to install The Kure, you absolutely must make sure that you've got a clean system to start with. Use a free, cleanup-only antivirus to make a thorough scan. Our Editors' Choice in this area is the well-known Malwarebytes Anti-Malware 2.0.

Now you can install The Kure. The installation process is straightforward. Run the install wizard, give it your credentials, and reboot. That gets The Kure installed.

When you launch the program after reboot, you see there's a little more work to do. Necessarily, The Kure starts off disabled. Before you enable it, you should take care of some minor configuration issues. When you click Settings, you notice that The Kure handles Windows Updates automatically. That's nice! Quietzone doesn't handle those updates itself, so you have to disable it, run the updates, and enable again.

Don't meddle with Advanced Settings. If you do, you get two layers of warnings telling you to leave these settings alone unless instructed by Tech Support.

Do click the Saved Folders button, however. This button lets you review and possibly modify the list of folders where The Kure allows permanent changes, changes that survive its reset-on-reboot purge. By default, the list includes desktop, pictures, music, documents, and favorites for each user of the system. If there are other folders whose contents shouldn't be discarded on reboot, add them here.

When you're done, click Go Back twice to reach the main screen. Click the Enable Protection button and reboot. The Kure is now active.

How It Works When The Kure is enabled, it virtualizes all changes to the file system and Registry. Programs work just as they would without The Kure. However, when you reboot, The Kure discards all of those changes. Really, it's as simple as that.

Of course, if you just finished writing the Great American Novel, only to have it vanish on reboot, you wouldn't be too happy. That's why The Kure exempts the personal folders I mentioned earlier, ensuring that files you save there won't be discarded.

You may have used The Kure's commercial version without realizing it. Did you ever use a public computer kiosk in a hotel lobby to print your boarding pass? Many of those kiosks—two million of them, according to the company website—are automatically sanitized using the commercial version of The Kure's technology. The company has recently received a US patent for this technology.

Change Your Habits When you rely on The Kure for protection, you absolutely must get in the habit of turning your computer off at the end of the day. If it just goes into sleep mode or hibernation, with no actual reboot, then it doesn't get sanitized by The Kure.

When you install new software on a system protected by The Kure, it's a multistep process. First, disable The Kure and reboot. Next, install the software. Finally, re-enable The Kure and reboot once more. If you forget and start to install a new program while The Kure is enabled, it pops up a helpful reminder and offers to reboot in unprotected mode. That's handy!

The Kure automatically handles getting Windows updated, but not your browsers or other programs. Your best bet is to set aside some time every week to make sure everything gets necessary updates. Disable The Kure and reboot. Launch your browsers and make sure they get any needed updates. Check things like Adobe Reader and Adobe Air. Many programs include a menu item to check for updates; find and click all those.

During this update-fest, don't do anything else on the computer. Don't visit websites. Don't check email. Don't plug in any USB drives. Do nothing but install updates. When you're done, enable The Kure and reboot. Once you get used to this regimen, it shouldn't take long.

Change Your Antivirus What about antivirus protection? According to The Kure's website, you don't need any! But I don't buy that. Without real-time antivirus protection, a malware infestation could own your computer, right up to the moment you reboot. And yet, your usual antivirus will have some trouble working alongside The Kure.

Symantec Norton Security Premium boasts "pulse updates" that bring it the latest malware definitions as often as every few minutes. Most competing products check for signature updates at least every hour or so. And having the latest updates is essential to defending against the latest malware. The ill-fated McAfee integration was intended to solve this problem.

In this situation, Webroot SecureAnywhere AntiVirus (2016) is a logical choice. It doesn't rely on a local signature database, instead detecting malware by checking behavioral signatures with its cloud component. If it detects a suspicious program, it journals all activity pending full analysis, and rolls back everything the program did if it later proves malicious.

I asked my Webroot contact how the program would handle The Kure's reboot-to-revert mechanism. He noted that it might cause a bit of trouble for the journaling mechanism, but that in general it shouldn't be a problem for the user. Of course, you should include the antivirus in your periodic update regimen, in case program updates turn up.

Still Some Hype In my earlier review,s I referenced the unusual hype level on The Kure's website. The moment you open the page, a 30-minute infomercial starts playing. I called out some specific statements in the infomercial that were simply not supported by facts.

With the changes in the program, the website also got revamped, to an extent, though the hype level is still pretty high. I didn't listen to the entirety of the infomercial; infomercials just aren't my thing. But I can see that the site is still very…colorful.

I do still find some statements that I can't accept. For example, "It's like an artificial intelligence. It knows what documents you have created." In fact, all it knows is what folders you've chosen to protect against being discarded. Period.

It's true that I'm reviewing the product, not the website. But I do feel a lot more confidence looking at a website that offers a clear and simple description of the product's features, perhaps with links to third-party verification.

Ransom Me Not! I am pleased to note that The Kure promises protection against the growing problem of ransomware. As it happens, three items in my collection of malware samples are ransomware, though one of them won't perform on demand. One sample doesn't attempt to encrypt files. Rather, it takes over the desktop and locks away all Windows features and programs. That one was a snap for The Kure, since the ransomware requires a reboot to get fully entrenched. Upon reboot, no ransomware!

I loaded my test system's documents and music folders with some tempting files and turned the encrypting ransomware sample loose, after disabling the test system's network connection. The ransomware couldn't resist; it encrypted the files and displayed a message warning that I would lose them forever if I didn't pay the ransom. Luckily, I have The Kure! I rebooted the system to recover. Alas, it didn't start up properly.

I clicked the prominent Connect to a Tech link in the main program. The Kure live support is only available from 8 a.m. to 6 p.m. Eastern, meaning West Coast users had better make sure to connect before late afternoon.

The technician took control of the test system and checked the logs, then restarted an essential service. The Kure immediately popped up to say it was automatically restoring my files, with a progress bar to show how the job was going. When it finished, all of the files were back to their pre-encryption state.

When I tested The Kure two months ago, it failed this same test. The technician opened the double-locked Vault in Advanced Settings, hoping to recover the original files, but he found that the saved copies were already encrypted. Since that time, the product's designers devised a new technique for detecting and foiling encrypting ransomware. They've quite reasonably asked me not to reveal details about how it works. No need to give clues to the bad guys! But as far as I can see, it should work against any attack of this type.

If the malware had succeeded in permanently encrypting my files, I still wouldn't have been eligible for The Kure's $1,000 guarantee. That applies if the technicians are unable to remove the malware itself. It doesn't cover reversing all of the malware's effects.

The Kure succeeded in this test, but don't let that make you complacent. Sooner or later, some cyber-hooligan will come up with a ransomware attack that gets past The Kure's protection. To make sure your data or your business can't be harmed by encrypting ransomware, use a backup utility to keep your important data in a safe online archive. Make sure the backup service retains multiple file versions, else you could wind up with nothing but backups of the encrypted files. Now if you're hit with a ransomware attack that The Kure can't handle, you'll have a way to recover.

Wiping the Slate Clean When you reboot a computer that's protected by The Kure, every file and Registry change that occurred since the last reboot gets swept away, bring the system back to a clean state. Folders containing user data are exempted from this process, naturally. The Kure can't reverse interactions with the outside world, such as a data-stealing Trojan sending your credit card number to its master. And malware-related activity in those exempt folders can't always be reversed. If a Trojan or virus infests the protected system, it will have free rein until the next reboot. But in general the reboot-to-revert system works exactly as promised, and ransomware recovery is now more robust.

Clearly this product is best used in conjunction with a tool that provides real-time antivirus protection. We've actually defined four Editors' Choice antivirus tools: Bitdefender Antivirus Plus, Kaspersky Anti-Virus, McAfee AntiVirus Plus, and Webroot SecureAnywhere AntiVirus. Of these, Webroot is the most likely pairing because it doesn't rely on frequent antivirus signature updates.

More Inside PCMag.com

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips and solutions on using DOS and Windows, his technical columns clarified fine points in programming and operating systems, and his utility articles (over forty of ... See Full Bio